#include "nx_api.h"
#include "tls_test_utility.h"
#include "nx_secure_x509.h"

static UCHAR TestCA_der[] = {
    0x30, 0x82, 0x03, 0x20, 0x30, 0x82, 0x02, 0x08, 0x02, 0x09, 0x00, 0xc0,
    0xbe, 0x29, 0xae, 0x89, 0x1b, 0xc9, 0xe5, 0x30, 0x0d, 0x06, 0x09, 0x2a,
    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x52,
    0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,
    0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02,
    0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
    0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a,
    0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
    0x0b, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55,
    0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x1e,
    0x17, 0x0d, 0x31, 0x37, 0x31, 0x31, 0x30, 0x39, 0x30, 0x32, 0x33, 0x33,
    0x31, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x38, 0x32, 0x39, 0x30,
    0x32, 0x33, 0x33, 0x31, 0x39, 0x5a, 0x30, 0x52, 0x31, 0x0b, 0x30, 0x09,
    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30,
    0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b,
    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31,
    0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c,
    0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45,
    0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06,
    0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
    0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
    0x01, 0x01, 0x00, 0xc3, 0x79, 0x72, 0xa4, 0xe2, 0xc6, 0xb7, 0x5d, 0x0f,
    0x41, 0x8c, 0x8e, 0xd1, 0x3c, 0xfd, 0x97, 0xf4, 0x8e, 0x82, 0x7e, 0x75,
    0xac, 0x4d, 0x85, 0xbb, 0xba, 0xe3, 0xd6, 0x22, 0xad, 0xc5, 0xc2, 0xd5,
    0x9d, 0x78, 0x1c, 0xab, 0x9c, 0x33, 0xb7, 0x95, 0x36, 0xcb, 0x63, 0x76,
    0x88, 0xc7, 0x3c, 0xa7, 0xf7, 0xfb, 0x84, 0x1d, 0x7c, 0xc5, 0x17, 0x25,
    0x5f, 0x1d, 0x41, 0xf3, 0x8c, 0xf9, 0x2f, 0x93, 0xab, 0xb2, 0x6b, 0x84,
    0xa9, 0x07, 0x70, 0xa1, 0xa0, 0xb3, 0xe0, 0x86, 0x5b, 0x5f, 0x4e, 0x0c,
    0x78, 0x7f, 0x20, 0x10, 0x12, 0x60, 0x13, 0x5c, 0xf8, 0x15, 0xe0, 0xc6,
    0xcb, 0xb2, 0x61, 0xe4, 0x78, 0x9d, 0xb8, 0x91, 0x60, 0x0f, 0xe6, 0xce,
    0xa4, 0x57, 0xa9, 0xb3, 0xb1, 0x9e, 0x3b, 0xc7, 0xf1, 0x66, 0x96, 0x23,
    0xf7, 0xe5, 0x40, 0xfa, 0xf6, 0x3a, 0xb9, 0x32, 0x64, 0xd0, 0x01, 0x14,
    0x31, 0x81, 0x3c, 0x3e, 0xf1, 0x9e, 0x64, 0x3d, 0xd0, 0x37, 0xee, 0xcd,
    0xf1, 0x82, 0x79, 0x3e, 0x08, 0x48, 0x2d, 0x2f, 0xa4, 0x5d, 0x41, 0xff,
    0x1f, 0xc1, 0x99, 0x26, 0x53, 0xb8, 0x7b, 0x59, 0xe5, 0x79, 0x9d, 0x25,
    0x2c, 0x35, 0xe6, 0x7b, 0x22, 0x02, 0x8c, 0x78, 0x05, 0xda, 0x90, 0x5d,
    0xbd, 0xd4, 0x53, 0xca, 0xa2, 0x73, 0xcc, 0xa0, 0xd7, 0x63, 0x3c, 0x22,
    0xe4, 0x2a, 0xb8, 0xc8, 0x5f, 0x58, 0x74, 0xce, 0x6c, 0x3b, 0xf3, 0x21,
    0x9a, 0xfa, 0xa0, 0x40, 0xc3, 0x10, 0x32, 0x46, 0xbb, 0x14, 0xff, 0xd6,
    0x1c, 0x41, 0x90, 0xb1, 0xb0, 0x0b, 0x59, 0x18, 0xaa, 0xfd, 0x43, 0x63,
    0x4b, 0x7c, 0xf1, 0x68, 0x1d, 0xa7, 0xed, 0x2c, 0x35, 0x11, 0xb8, 0xbc,
    0x02, 0x27, 0xc6, 0x39, 0x48, 0x62, 0x2b, 0xc1, 0xa9, 0x08, 0x53, 0x1f,
    0x7c, 0xdb, 0xa1, 0x6d, 0x41, 0x58, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01,
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
    0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3d, 0xa4, 0x36, 0xc9,
    0x9d, 0x91, 0xd1, 0x25, 0xe7, 0x41, 0x2c, 0x8d, 0xda, 0xcd, 0xb3, 0x8a,
    0x53, 0xe4, 0xee, 0x4f, 0x94, 0xa4, 0x84, 0xee, 0xaf, 0x06, 0x85, 0x6a,
    0xa6, 0x54, 0xe5, 0x8f, 0x12, 0xd3, 0x5e, 0x84, 0x33, 0x7a, 0x1d, 0x66,
    0x24, 0xb0, 0x9d, 0x94, 0x71, 0xad, 0x5b, 0x91, 0x6d, 0x06, 0xf3, 0x7b,
    0x41, 0x8f, 0x1a, 0x97, 0xa2, 0xe9, 0x52, 0x57, 0x2e, 0xfb, 0xaf, 0x1f,
    0xb7, 0xf9, 0x9c, 0xf8, 0xa9, 0xde, 0x4e, 0xdb, 0x92, 0x92, 0x94, 0xe0,
    0x06, 0x50, 0xfa, 0x76, 0x4f, 0x45, 0xeb, 0x8f, 0x60, 0x49, 0xeb, 0x98,
    0x32, 0x65, 0xb9, 0x85, 0xc4, 0x21, 0x81, 0xe3, 0x81, 0x33, 0x41, 0x45,
    0xc4, 0xbc, 0x3b, 0xda, 0x7a, 0x74, 0xe8, 0x4e, 0x3e, 0xc9, 0x39, 0xdf,
    0xdd, 0xa0, 0xb3, 0x49, 0x76, 0x58, 0x13, 0x46, 0x74, 0x66, 0x9e, 0xc1,
    0xbc, 0x6b, 0x37, 0xb8, 0x77, 0x6a, 0x8e, 0xf1, 0x6a, 0xad, 0xb4, 0x75,
    0x13, 0x1b, 0x2b, 0x3f, 0x62, 0x5e, 0xc7, 0x18, 0x6f, 0x65, 0xfa, 0x5c,
    0xc6, 0xb3, 0xf9, 0xa2, 0x83, 0xfa, 0x79, 0x50, 0xfa, 0xa8, 0xc8, 0xa7,
    0xc5, 0xeb, 0x7d, 0x4a, 0x27, 0x82, 0xe5, 0x09, 0xfb, 0x20, 0x06, 0x25,
    0x0a, 0x35, 0x4e, 0x43, 0x01, 0x2e, 0x09, 0x41, 0x8d, 0x1d, 0xf5, 0x4e,
    0x58, 0x72, 0x3c, 0x52, 0x34, 0x25, 0x64, 0xb6, 0xc5, 0x24, 0x9c, 0xd8,
    0xe4, 0xc9, 0xe6, 0xee, 0x23, 0xce, 0xa8, 0x1d, 0x46, 0xd0, 0xc8, 0xd6,
    0x8f, 0x27, 0xc1, 0x48, 0x66, 0x3d, 0x30, 0x7f, 0xf4, 0xf5, 0xd7, 0x81,
    0x3a, 0x62, 0x92, 0xbb, 0x9a, 0x66, 0x65, 0xaf, 0x27, 0x93, 0xd8, 0x63,
    0xfa, 0xa8, 0x3f, 0x14, 0x2e, 0xbd, 0xd2, 0x20, 0x30, 0x5b, 0x41, 0x6d,
    0x01, 0x07, 0x37, 0xe9, 0x9c, 0x8a, 0x07, 0xe3, 0x32, 0xb7, 0x68, 0xae,
    /* Space reserved for tests. */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
};

static UCHAR VERSION2_CA[] = {
    /* Total length */
    0x30, 0x82, 0x03, 0x20,
    0x30, 0x82, 0x02, 0x08,
    /* additional X509 version */
    0x80, 0x01, NX_SECURE_X509_VERSION_3,
    0x02, 0x09, 0x00, 0xc0,
    0xbe, 0x29, 0xae, 0x89, 0x1b, 0xc9, 0xe5, 0x30, 0x0d, 0x06, 0x09, 0x2a,
    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x52,
    0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43,
    0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02,
    0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
    0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a,
    0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
    0x0b, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55,
    0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x1e,
    0x17, 0x0d, 0x31, 0x37, 0x31, 0x31, 0x30, 0x39, 0x30, 0x32, 0x33, 0x33,
    0x31, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x38, 0x32, 0x39, 0x30,
    0x32, 0x33, 0x33, 0x31, 0x39, 0x5a, 0x30, 0x52, 0x31, 0x0b, 0x30, 0x09,
    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30,
    0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b,
    0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31,
    0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c,
    0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45,
    0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06,
    0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
    0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
    0x01, 0x01, 0x00, 0xc3, 0x79, 0x72, 0xa4, 0xe2, 0xc6, 0xb7, 0x5d, 0x0f,
    0x41, 0x8c, 0x8e, 0xd1, 0x3c, 0xfd, 0x97, 0xf4, 0x8e, 0x82, 0x7e, 0x75,
    0xac, 0x4d, 0x85, 0xbb, 0xba, 0xe3, 0xd6, 0x22, 0xad, 0xc5, 0xc2, 0xd5,
    0x9d, 0x78, 0x1c, 0xab, 0x9c, 0x33, 0xb7, 0x95, 0x36, 0xcb, 0x63, 0x76,
    0x88, 0xc7, 0x3c, 0xa7, 0xf7, 0xfb, 0x84, 0x1d, 0x7c, 0xc5, 0x17, 0x25,
    0x5f, 0x1d, 0x41, 0xf3, 0x8c, 0xf9, 0x2f, 0x93, 0xab, 0xb2, 0x6b, 0x84,
    0xa9, 0x07, 0x70, 0xa1, 0xa0, 0xb3, 0xe0, 0x86, 0x5b, 0x5f, 0x4e, 0x0c,
    0x78, 0x7f, 0x20, 0x10, 0x12, 0x60, 0x13, 0x5c, 0xf8, 0x15, 0xe0, 0xc6,
    0xcb, 0xb2, 0x61, 0xe4, 0x78, 0x9d, 0xb8, 0x91, 0x60, 0x0f, 0xe6, 0xce,
    0xa4, 0x57, 0xa9, 0xb3, 0xb1, 0x9e, 0x3b, 0xc7, 0xf1, 0x66, 0x96, 0x23,
    0xf7, 0xe5, 0x40, 0xfa, 0xf6, 0x3a, 0xb9, 0x32, 0x64, 0xd0, 0x01, 0x14,
    0x31, 0x81, 0x3c, 0x3e, 0xf1, 0x9e, 0x64, 0x3d, 0xd0, 0x37, 0xee, 0xcd,
    0xf1, 0x82, 0x79, 0x3e, 0x08, 0x48, 0x2d, 0x2f, 0xa4, 0x5d, 0x41, 0xff,
    0x1f, 0xc1, 0x99, 0x26, 0x53, 0xb8, 0x7b, 0x59, 0xe5, 0x79, 0x9d, 0x25,
    0x2c, 0x35, 0xe6, 0x7b, 0x22, 0x02, 0x8c, 0x78, 0x05, 0xda, 0x90, 0x5d,
    0xbd, 0xd4, 0x53, 0xca, 0xa2, 0x73, 0xcc, 0xa0, 0xd7, 0x63, 0x3c, 0x22,
    0xe4, 0x2a, 0xb8, 0xc8, 0x5f, 0x58, 0x74, 0xce, 0x6c, 0x3b, 0xf3, 0x21,
    0x9a, 0xfa, 0xa0, 0x40, 0xc3, 0x10, 0x32, 0x46, 0xbb, 0x14, 0xff, 0xd6,
    0x1c, 0x41, 0x90, 0xb1, 0xb0, 0x0b, 0x59, 0x18, 0xaa, 0xfd, 0x43, 0x63,
    0x4b, 0x7c, 0xf1, 0x68, 0x1d, 0xa7, 0xed, 0x2c, 0x35, 0x11, 0xb8, 0xbc,
    0x02, 0x27, 0xc6, 0x39, 0x48, 0x62, 0x2b, 0xc1, 0xa9, 0x08, 0x53, 0x1f,
    0x7c, 0xdb, 0xa1, 0x6d, 0x41, 0x58, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01,
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
    0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3d, 0xa4, 0x36, 0xc9,
    0x9d, 0x91, 0xd1, 0x25, 0xe7, 0x41, 0x2c, 0x8d, 0xda, 0xcd, 0xb3, 0x8a,
    0x53, 0xe4, 0xee, 0x4f, 0x94, 0xa4, 0x84, 0xee, 0xaf, 0x06, 0x85, 0x6a,
    0xa6, 0x54, 0xe5, 0x8f, 0x12, 0xd3, 0x5e, 0x84, 0x33, 0x7a, 0x1d, 0x66,
    0x24, 0xb0, 0x9d, 0x94, 0x71, 0xad, 0x5b, 0x91, 0x6d, 0x06, 0xf3, 0x7b,
    0x41, 0x8f, 0x1a, 0x97, 0xa2, 0xe9, 0x52, 0x57, 0x2e, 0xfb, 0xaf, 0x1f,
    0xb7, 0xf9, 0x9c, 0xf8, 0xa9, 0xde, 0x4e, 0xdb, 0x92, 0x92, 0x94, 0xe0,
    0x06, 0x50, 0xfa, 0x76, 0x4f, 0x45, 0xeb, 0x8f, 0x60, 0x49, 0xeb, 0x98,
    0x32, 0x65, 0xb9, 0x85, 0xc4, 0x21, 0x81, 0xe3, 0x81, 0x33, 0x41, 0x45,
    0xc4, 0xbc, 0x3b, 0xda, 0x7a, 0x74, 0xe8, 0x4e, 0x3e, 0xc9, 0x39, 0xdf,
    0xdd, 0xa0, 0xb3, 0x49, 0x76, 0x58, 0x13, 0x46, 0x74, 0x66, 0x9e, 0xc1,
    0xbc, 0x6b, 0x37, 0xb8, 0x77, 0x6a, 0x8e, 0xf1, 0x6a, 0xad, 0xb4, 0x75,
    0x13, 0x1b, 0x2b, 0x3f, 0x62, 0x5e, 0xc7, 0x18, 0x6f, 0x65, 0xfa, 0x5c,
    0xc6, 0xb3, 0xf9, 0xa2, 0x83, 0xfa, 0x79, 0x50, 0xfa, 0xa8, 0xc8, 0xa7,
    0xc5, 0xeb, 0x7d, 0x4a, 0x27, 0x82, 0xe5, 0x09, 0xfb, 0x20, 0x06, 0x25,
    0x0a, 0x35, 0x4e, 0x43, 0x01, 0x2e, 0x09, 0x41, 0x8d, 0x1d, 0xf5, 0x4e,
    0x58, 0x72, 0x3c, 0x52, 0x34, 0x25, 0x64, 0xb6, 0xc5, 0x24, 0x9c, 0xd8,
    0xe4, 0xc9, 0xe6, 0xee, 0x23, 0xce, 0xa8, 0x1d, 0x46, 0xd0, 0xc8, 0xd6,
    0x8f, 0x27, 0xc1, 0x48, 0x66, 0x3d, 0x30, 0x7f, 0xf4, 0xf5, 0xd7, 0x81,
    0x3a, 0x62, 0x92, 0xbb, 0x9a, 0x66, 0x65, 0xaf, 0x27, 0x93, 0xd8, 0x63,
    0xfa, 0xa8, 0x3f, 0x14, 0x2e, 0xbd, 0xd2, 0x20, 0x30, 0x5b, 0x41, 0x6d,
    0x01, 0x07, 0x37, 0xe9, 0x9c, 0x8a, 0x07, 0xe3, 0x32, 0xb7, 0x68, 0xae,
    /* Space reserved for tests. */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
};

static unsigned char test_ca_crl_der[] = {
  0x30, 0x82, 0x01, 0xdf, 0x30, 0x81, 0xc8, 0x02, 0x01, 0x01, 0x30, 0x0d,
  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
  0x00, 0x30, 0x6f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
  0x13, 0x02, 0x55, 0x53, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
  0x08, 0x0c, 0x02, 0x43, 0x41, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55,
  0x04, 0x0a, 0x0c, 0x0d, 0x45, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, 0x20,
  0x4c, 0x6f, 0x67, 0x69, 0x63, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
  0x04, 0x0b, 0x0c, 0x09, 0x4e, 0x58, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72,
  0x65, 0x31, 0x27, 0x30, 0x25, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1e,
  0x4e, 0x58, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x54, 0x65,
  0x73, 0x74, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69,
  0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x37,
  0x31, 0x37, 0x31, 0x38, 0x33, 0x39, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x31,
  0x38, 0x30, 0x35, 0x31, 0x33, 0x31, 0x38, 0x33, 0x39, 0x33, 0x37, 0x5a,
  0x30, 0x15, 0x30, 0x13, 0x02, 0x02, 0x10, 0x01, 0x17, 0x0d, 0x31, 0x37,
  0x30, 0x37, 0x31, 0x37, 0x31, 0x38, 0x33, 0x36, 0x34, 0x35, 0x5a, 0xa0,
  0x0e, 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x1d, 0x14, 0x04, 0x03,
  0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
  0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x7f,
  0x8e, 0x3d, 0xd2, 0x23, 0x0a, 0x0b, 0x4b, 0x6c, 0x4e, 0x55, 0x11, 0x58,
  0x12, 0x0c, 0x0f, 0xcc, 0xed, 0x86, 0x5c, 0xfc, 0xcc, 0x37, 0x89, 0x19,
  0xe0, 0xea, 0xaa, 0x9c, 0xbd, 0x4f, 0x4c, 0x09, 0x83, 0x0b, 0xfc, 0x32,
  0x04, 0xe0, 0x14, 0xed, 0xb2, 0x85, 0x92, 0x30, 0x10, 0xbf, 0x07, 0xec,
  0x17, 0x83, 0xa6, 0x46, 0x9b, 0x80, 0x4d, 0x68, 0x16, 0xb9, 0x15, 0x0a,
  0x9a, 0x36, 0x93, 0x45, 0x9e, 0xba, 0x61, 0x5d, 0x12, 0x01, 0x7d, 0x39,
  0x10, 0x29, 0x0a, 0x36, 0xb6, 0xf4, 0xf2, 0xf5, 0x34, 0xb0, 0xfc, 0x33,
  0x26, 0x5e, 0x91, 0x5b, 0x81, 0x54, 0xb8, 0x82, 0x73, 0x44, 0x33, 0x71,
  0x1e, 0xf7, 0x60, 0xea, 0xf2, 0xad, 0xcd, 0x4d, 0x33, 0x55, 0x25, 0xe7,
  0x35, 0xfe, 0xca, 0x70, 0x38, 0xd3, 0xe9, 0x0b, 0x8d, 0xa3, 0x85, 0x46,
  0xfd, 0xb2, 0xa0, 0x20, 0x06, 0xf9, 0x8a, 0xb1, 0x56, 0x21, 0x80, 0x78,
  0x28, 0xa2, 0xe5, 0x23, 0x8b, 0xe5, 0x6d, 0xb1, 0x0b, 0xaa, 0x5b, 0xcd,
  0x88, 0x43, 0xfa, 0x68, 0x66, 0x05, 0x3b, 0xf2, 0x7b, 0x93, 0x19, 0xdf,
  0x5b, 0x19, 0x99, 0x15, 0xd3, 0x29, 0xe0, 0xa1, 0x88, 0x39, 0x6b, 0x67,
  0x9e, 0xea, 0x06, 0x8f, 0xb3, 0xe5, 0xb7, 0x24, 0xc3, 0x42, 0x62, 0xb7,
  0xac, 0x01, 0x66, 0xb9, 0x9d, 0x21, 0xc3, 0xea, 0x90, 0x82, 0x8d, 0xbf,
  0xae, 0x6b, 0x92, 0xb8, 0xca, 0x50, 0x1f, 0x2f, 0x1c, 0x78, 0xe5, 0x48,
  0x88, 0x09, 0xac, 0x6b, 0xbf, 0x9a, 0xb4, 0xfb, 0xb1, 0xa5, 0xa1, 0xee,
  0xe9, 0xfa, 0x8f, 0xb5, 0x72, 0x95, 0xb4, 0x2c, 0x1e, 0x74, 0x6c, 0xe1,
  0x48, 0x6a, 0x2d, 0x79, 0xbd, 0x15, 0xc9, 0xdd, 0x78, 0x5d, 0x88, 0x08,
  0xfa, 0xdf, 0x69, 0x44, 0xb3, 0xce, 0x2f, 0x9d, 0x3b, 0x56, 0x76, 0xef,
  0x5f, 0xec, 0x59
};
static unsigned int test_ca_crl_der_len = 483;

static TX_THREAD thread_0;
static VOID thread_0_entry(ULONG thread_input);
static NX_SECURE_X509_CERT trusted_certificate;

#ifdef CTEST
void test_application_define(void *first_unused_memory);
void test_application_define(void *first_unused_memory)
#else
void nx_secure_x509_error_checking_test_application_define(void *first_unused_memory)
#endif
{
    tx_thread_create(&thread_0, "Thread 0", thread_0_entry, 0,
        first_unused_memory, 4096,
        16, 16, 4, TX_AUTO_START);
}

static VOID thread_0_entry(ULONG thread_input)
{
UINT status, bytes_processed;
UCHAR buffer[100], backup, backup1, backup2, backup3, backup4;
NX_SECURE_RSA_PRIVATE_KEY rsa;

    /* Print out test information banner.  */
    printf("NetX Secure Test:   X509 Error Checking Test...........................");

    /* The length of the private key is 0. */
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)TestCA_der, sizeof(TestCA_der), NX_NULL, 0, buffer, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SUCCESS, status);

    /* Extended the length of the certificate raw data. */
    TestCA_der[3] += 0x10;
    TestCA_der[7] += 0x10;

    /* Unsupported multi-byte encoded. */
    TestCA_der[528] = NX_SECURE_ASN_TAG_MULTIBYTE_MASK;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)TestCA_der, sizeof(TestCA_der), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    memset(&trusted_certificate, 0, sizeof(trusted_certificate));
    /* Set an valid tag for the unique ids field. */
    TestCA_der[528] = 0x30;
    /* tlv length overflow. */
    TestCA_der[529] = 0x11;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)TestCA_der, sizeof(TestCA_der), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    memset(&trusted_certificate, 0, sizeof(trusted_certificate));
    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_TAG_ISSUER_UNIQUE_ID */
    TestCA_der[528] = 0x81;
    /* tlv length */
    TestCA_der[529] = 1;
    /* issuer id field */
    TestCA_der[530] = 0x01;
    /* Next item is invalid. */
    TestCA_der[531] = NX_SECURE_ASN_TAG_MULTIBYTE_MASK;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)TestCA_der, sizeof(TestCA_der), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* The tag of next item is valid but tlv_length is too long. */
    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_TAG_ISSUER_UNIQUE_ID */
    TestCA_der[531] = 0x81;
    TestCA_der[532] = 0x11;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)TestCA_der, sizeof(TestCA_der), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* Subject id exists. */
    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_TAG_ISSUER_UNIQUE_ID */
    TestCA_der[531] = 0x82;
    /* tlv length */
    TestCA_der[532] = 1;
    /* subject id field */
    TestCA_der[533] = 0x01;
    /* Optional fields is invalid for the current certificate version. */
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)TestCA_der, sizeof(TestCA_der), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* Extended the length of the certificate raw data. */
    VERSION2_CA[3] += 0x10;
    VERSION2_CA[7] += 0x10;

    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_TAG_ISSUER_UNIQUE_ID */
    VERSION2_CA[531] = 0x81;
    VERSION2_CA[532] = 0x01;
    VERSION2_CA[533] = 0xff;
    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_TAG_SUBJECT_ID */
    VERSION2_CA[534] = 0x82;
    VERSION2_CA[535] = 0x01;
    VERSION2_CA[536] = 0xff;
    /* Invalid tlv tag. */
    VERSION2_CA[537] = NX_SECURE_ASN_TAG_MULTIBYTE_MASK;
    VERSION2_CA[538] = 0x01;
    VERSION2_CA[539] = 0xff;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_TAG_EXTENSION */
    VERSION2_CA[537] = 0x83;
    /* tlv_length overflow. */
    VERSION2_CA[538] = 0x10;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_TAG_SUBJECT_ID */
    VERSION2_CA[537] = 0x82;
    VERSION2_CA[538] = 0x01;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* Extensions are not supported in x509 version 2. */
    VERSION2_CA[10] = NX_SECURE_X509_VERSION_2;
    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_TAG_EXTENSION */
    VERSION2_CA[537] = 0x83;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* Correct x509 version. */
    VERSION2_CA[10] = NX_SECURE_X509_VERSION_3;
    /* Incorrect tlv tag where extension sequence is expected. */
    VERSION2_CA[539] = 0x82;
    VERSION2_CA[540] = 0x01;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* Remove extensions. */
    VERSION2_CA[7] = 0x11;
    /* x509_parse_cert_data return after x509_parse_unique_ids. */
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* Tests for x509_pkcsl_rsa_private_key_parse. */
    /* NX_SECURE_ASN_TAG_SEQUENCE + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL. */
    buffer[0] = 0x30;
    buffer[1] = 0x13;
    /* NX_SECURE_ASN_TAG_INTEGER + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL is expected actually. */
    buffer[2] = 0x82;
    buffer[3] = 0x01;
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, NX_NULL/* rsa_key */);
    EXPECT_EQ(NX_SECURE_PKCS1_INVALID_PRIVATE_KEY, status);

    /* NX_SECURE_ASN_TAG_INTEGER + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL. */
    buffer[2] = 0x22;
    buffer[3] = 0x01;
    /* the multi version value. */
    buffer[4] = 0x01;
    /* NX_SECURE_ASN_TAG_INTEGER + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL is expected actually. */
    buffer[5] = 0x82;
    buffer[6] = 0x01;
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, NX_NULL/* rsa_key */);
    EXPECT_EQ(NX_SECURE_PKCS1_INVALID_PRIVATE_KEY, status);

    /* NX_SECURE_ASN_TAG_INTEGER + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL. */
    buffer[5] = 0x02;
    buffer[6] = 0x01; /* tlv_length */
    buffer[7] = 0xff; /* modulus field */
    /* NX_SECURE_ASN_TAG_INTEGER + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL is expected actually. */
    buffer[8] = 0x82;
    buffer[9] = 0x01; /* tlv_length */
    /* rsa = NX_NULL. */
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, NX_NULL/* rsa_key */);
    EXPECT_EQ(NX_SECURE_PKCS1_INVALID_PRIVATE_KEY, status);

    /* asn1_parse_unsigned_integer return directly. */
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, &rsa/* rsa_key */);
    EXPECT_EQ(NX_SECURE_PKCS1_INVALID_PRIVATE_KEY, status);

    /* modulus is negative. */
    buffer[6] = 0x02; /* tlv_length */
    /* modulus field */
    /* Invalid negative integer */
    buffer[7] = 0x00;
    buffer[8] = 0x01;
    /* Unexpected tlv_class_type. */
    buffer[9] = 0x82;
    buffer[10] = 0x01;
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, &rsa/* rsa_key */);
    EXPECT_EQ(NX_SECURE_PKCS1_INVALID_PRIVATE_KEY, status);

    /* Public exponent field. */
    buffer[9] = 0x02;
    buffer[10] = 0x01;
    buffer[11] = 0xff;
    /* Unexpected tlv_class_type. */
    buffer[12] = 0x82;
    buffer[13] = 0x01;
    buffer[14] = 0xff;
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, NX_NULL/* rsa_key */);
    EXPECT_EQ(NX_SECURE_PKCS1_INVALID_PRIVATE_KEY, status);

    /* NX_SECURE_ASN_TAG_INTEGER + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL. */
    buffer[12] = 0x02;
    /* Unexpected tlv_class_type. */
    /* Private prime p field. */
    buffer[15] = 0x82;
    buffer[16] = 0x01;
    buffer[17] = 0xff;
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, NX_NULL/* rsa_key */);
    EXPECT_EQ(NX_SECURE_PKCS1_INVALID_PRIVATE_KEY, status);

    /* NX_SECURE_ASN_TAG_INTEGER + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL. */
    buffer[15] = 0x02;
    /* Unexpected tlv_class_type. */
    /* Private prime q field. */
    buffer[18] = 0x82;
    buffer[19] = 0x01;
    buffer[20] = 0xff;
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, NX_NULL/* rsa_key */);
    EXPECT_EQ(NX_SECURE_PKCS1_INVALID_PRIVATE_KEY, status);

    /* NX_SECURE_ASN_TAG_INTEGER + NX_SECURE_ASN_TAG_CLASS_UNIVERSAL. */
    buffer[18] = 0x02;
    status = _nx_secure_x509_pkcs1_rsa_private_key_parse(buffer, 0xff/* length */, &bytes_processed, NX_NULL/* rsa_key */);
    EXPECT_EQ(NX_SECURE_X509_SUCCESS, status);

    /* Called this function with different name type. Only DNSNAME is passed to this function in current version. */
    NX_SECURE_X509_EXTENSION extension;
    extension.nx_secure_x509_extension_data = buffer;
    extension.nx_secure_x509_extension_data_length = 0x04;
    UCHAR name[20];
    /* Invalid tag. NX_SECURE_ASN_TAG_CLASS_UNIVERSAL + NX_SECURE_ASN_TAG_SEQUENCE is expected. */
    buffer[0] = 0x80;
    /* tlv_length */
    buffer[1] = 0x02;
    status = _nx_secure_x509_subject_alt_names_find(&extension, name, sizeof(name), NX_SECURE_X509_SUB_ALT_NAME_TAG_OTHERNAME);
    EXPECT_EQ(NX_SECURE_X509_INVALID_EXTENSION_SEQUENCE, status);

    /* NX_SECURE_ASN_TAG_CLASS_UNIVERSAL + NX_SECURE_ASN_TAG_SEQUENCE is expected. */
    buffer[0] = 0x10;
    /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_X509_SUB_ALT_NAME_TAG_OTHERNAME. */
    buffer[2] = 0x80;
    buffer[3] = 0x00;
    status = _nx_secure_x509_subject_alt_names_find(&extension, name, sizeof(name), NX_SECURE_X509_SUB_ALT_NAME_TAG_OTHERNAME);
    EXPECT_EQ(NX_SECURE_X509_ALT_NAME_NOT_FOUND, status);
    
    /* Test for branches in x509.c */
    /* Unexpected tlv_type_class. */
    VERSION2_CA[0] = 0xb0; /* NX_SECURE_ASN_TAG_CLASS_CONTEXT + NX_SECURE_ASN_TAG_SEQUENCE */
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    VERSION2_CA[0] = 0x30;
    /* Unexecpted asn1 tag in rsa oid structure. */
    VERSION2_CA[261] = 0x70;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* Unexecpted tlv_type_class. */
    VERSION2_CA[261] = 0xb0;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[261] = 0x30;

    /* Unexpected tlv tag for the public modulus. */
    VERSION2_CA[265] = 0x70;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* Unexpected tlv_type_class. */
    VERSION2_CA[265] = 0xa2;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[265] = 0x02;

    /* Unexpected tlv flag for the public exponent. */
    VERSION2_CA[526] = 0x70;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    VERSION2_CA[526] = 0xa2;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[526] = 0x02;

    /* Unexpected tlv tag for cert data. */
    VERSION2_CA[4] = 0xb0;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[4] = 0x30;

    /* Unexpected tlv tag for serial num. */
    backup = VERSION2_CA[11];
    VERSION2_CA[11] = 0xa2;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[11] = backup;

    /* Unexpected tlv tag for signature algorithm. */
    backup = VERSION2_CA[22];
    VERSION2_CA[22] = 0xb0;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[22] = backup;

    /* Unexpected tlv tag for issuer. */
    backup = VERSION2_CA[37];
    VERSION2_CA[37] = 0xb0;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[37] = backup;

    /* Unexpected tlv tag for validity. */
    backup = VERSION2_CA[121];
    VERSION2_CA[121] = 0xb0;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[121] = backup;

    /* Unexpected tlv tag for the "not before" field. */
    backup = VERSION2_CA[123];
    VERSION2_CA[123] = 0xb8;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[123] = backup;

    /* Unexpected tlv tag for the "not after" field. */
    backup = VERSION2_CA[138];
    VERSION2_CA[138] = 0xb8;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[138] = backup;

    /* Unexpected tlv tag for subject. */
    backup = VERSION2_CA[153];
    VERSION2_CA[153] = 0xb0;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[153] = backup;

    /* Unexpected tlv tag for the outermost sequence of the public key. */
    backup = VERSION2_CA[237];
    VERSION2_CA[237] = 0xb0;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[237] = backup;

    /* Unexpected tlv tag for the OID sequence of the public key. */
    backup = VERSION2_CA[241];
    VERSION2_CA[241] = 0xb0;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[241] = backup;

    /* Unexpected tlv tag for the NULL sequence appending to the OID. */
    backup = VERSION2_CA[254];
    VERSION2_CA[254] = 0xa5;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[254] = backup;

    /* Unexptected tlv flag the unique ids. */
    backup = VERSION2_CA[531];
    VERSION2_CA[531] = 0x30;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[531] = backup;

    /* Extended the length of the certificate raw data. */
    backup = VERSION2_CA[531];
    VERSION2_CA[531] = 0xa3;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[531] = backup;

    /* Not enough length for unique ids. */
    backup = VERSION2_CA[7];
    VERSION2_CA[7] -= 3;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    VERSION2_CA[7] = backup;

    backup = VERSION2_CA[7];
    VERSION2_CA[7] += 4; /* Extend the certificate. */
    backup1 = VERSION2_CA[537];
    VERSION2_CA[537] = 0xa3; /* ASN_TAG_CLASS_CONTEXT + TAG_EXTENSIONS */
    backup2 = VERSION2_CA[538];
    VERSION2_CA[538] = 0x02; /* tlv_length */
    backup3 = VERSION2_CA[539];
    /* Invalid tlv tag for extension sequence. */
    VERSION2_CA[539] = 0x31;
    backup4 = VERSION2_CA[540];
    VERSION2_CA[540] = 0; /* tlv_length */
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    /* Ignored tlv type class for extension sequence. */
    VERSION2_CA[539] = 0x80;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[7] = backup;
    VERSION2_CA[537] = backup1;
    VERSION2_CA[538] = backup2;
    VERSION2_CA[539] = backup3;
    VERSION2_CA[540] = backup4;

    VERSION2_CA[543] = 0x30; /* tlv tag for signature algorithm block. */
    VERSION2_CA[544] = 0x30; /* tlv length */
    VERSION2_CA[545] = 0x26; /* ASN_CLASS_TAG_UNIVERSAL + ASN_TAG_OID */
    VERSION2_CA[546] = 0x01; /* tlv length */
    VERSION2_CA[548] = 0x25; /* ASN_CLASS_TAG_UNIVERSAL + ASN_TAG_NULL */
    VERSION2_CA[549] = 0; /* tlv length */
    /* Invalid tlv tag for signature data. */
    VERSION2_CA[550] = 0xa3; /* ASN_CLASS_TAG_CONTEXT + ASN_TAG_BIT_STRING */
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);

    /* signature algorithm block length overflow. */
    backup = VERSION2_CA[25];
    VERSION2_CA[25] = 0x82;
    backup1 = VERSION2_CA[27];
    VERSION2_CA[27] = 0x01;
    status = nx_secure_x509_certificate_initialize(&trusted_certificate, VERSION2_CA, sizeof(VERSION2_CA), NX_NULL, 0, NX_NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE, status);
    VERSION2_CA[25] = backup;
    VERSION2_CA[27] = backup1;

#ifndef NX_SECURE_X509_DISABLE_CRL
    UINT crl_bytes;
    NX_SECURE_X509_CRL crl;

    /* Invalid first tlv tag. */
    backup = test_ca_crl_der[0];
    test_ca_crl_der[0] = 0xb0;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE_SEQUENCE, status);
    test_ca_crl_der[0] = backup;

    /* Invalid tlv tag for TBCertList. */
    backup = test_ca_crl_der[4];
    test_ca_crl_der[4] = 0xb0;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE_DATA, status);
    test_ca_crl_der[4] = backup;

    /* Invalid tlv tag for crl signature algorithm. */
    backup = test_ca_crl_der[10];
    test_ca_crl_der[10] = 0xb0;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    EXPECT_EQ(NX_SECURE_X509_UNEXPECTED_ASN1_TAG, status);
    test_ca_crl_der[10] = backup;

    /* Invalid tlv tag for crl signature data. */
    backup = test_ca_crl_der[222];
    test_ca_crl_der[222] = 0xa3;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    EXPECT_EQ(NX_SECURE_X509_UNEXPECTED_ASN1_TAG, status);
    test_ca_crl_der[222] = backup;

    /* Invalid tlv tag for crl issuer. */
    backup = test_ca_crl_der[25];
    test_ca_crl_der[25] = 0xb0;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    EXPECT_EQ(NX_SECURE_X509_UNEXPECTED_ASN1_TAG, status);
    test_ca_crl_der[25] = backup;

    /* Invalid tlv tag for crl revoked certs list. */
    backup = test_ca_crl_der[168];
    test_ca_crl_der[168] = 0xb0;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    EXPECT_EQ(NX_SECURE_X509_INVALID_CERTIFICATE_DATA, status);
    test_ca_crl_der[168] = backup;

    /* crl update times. */

    /* Invalid tlv type for thisUpdate field. */
    backup = test_ca_crl_der[138];
    test_ca_crl_der[138] = 0x38;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    test_ca_crl_der[138] = backup;

    /* Invalid tlv class type for thisUpdate field. */
    backup = test_ca_crl_der[138];
    test_ca_crl_der[138] = 0xb7;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    test_ca_crl_der[138] = backup;

    /* Invalid tlv type for nextUpdate field. */
    backup = test_ca_crl_der[153];
    test_ca_crl_der[153] = 0x38;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    test_ca_crl_der[153] = backup;

    /* Invalid tlv class type for thisUpdate field. */
    backup = test_ca_crl_der[153];
    test_ca_crl_der[153] = 0xb7;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    test_ca_crl_der[153] = backup;

    /* Invalid tlv tag for crl version. */
    backup = test_ca_crl_der[7];
    test_ca_crl_der[7] = 0xa2;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    test_ca_crl_der[7] = backup;

    /* Invalid tlv tag for crl extensions. */
    backup = test_ca_crl_der[191];
    test_ca_crl_der[191] = 0xa1;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    test_ca_crl_der[191] = backup;

    /* Invalid length for OIDs. */
    backup = test_ca_crl_der[13];
    test_ca_crl_der[13] = 0x82;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    test_ca_crl_der[13] = backup;

    /* Get ASN_TAG_NULL before any OIDs found. */
    backup = test_ca_crl_der[12];
    test_ca_crl_der[12] = 0x25;
    status = _nx_secure_x509_certificate_revocation_list_parse(test_ca_crl_der, test_ca_crl_der_len, &crl_bytes, &crl);
    EXPECT_EQ(NX_SECURE_X509_MISSING_SIGNATURE_ALGORITHM, status);
    test_ca_crl_der[12] = backup;
#endif /* NX_SECURE_X509_DISABLE_CRL */

    /* NULL terminator not found. */
    buffer[1] = 0;
    buffer[2] = 1;
    buffer[3] = 1;
    buffer[4] = 1;
    status = _nx_secure_x509_pkcs7_decode(buffer, 3, NX_NULL, NX_NULL, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);
    
    /* Invalid tlv length. */
    buffer[4] = 0x71;
    buffer[2] = 0; /* NULL terminator. */
    buffer[3] = 0x30; /* ASN_TAG_SEQUENCE & ASN_TAG_CLASS_UNIVERSAL */
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, NX_NULL, NX_NULL, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);
    buffer[4] = 0x60; /* Valid tlv length. */

    /* Invalid asn tag class. */
    buffer[3] = 0xb0; /* ASN_TAG_SEQUENCE & ASN_TAG_CLASS_CONTEXT */
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, NX_NULL, NX_NULL, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);
    buffer[3] = 0x30; /* ASN_TAG_SEQUENCE & ASN_TAG_CLASS_UNIVERSAL */

    /* Invalid tlv type. */
    buffer[5] = 0x21;
    buffer[6] = 0x60; /* tlv length */
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, NX_NULL, NX_NULL, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);

    /* Invalid tlv class type. */
    buffer[5] = 0xb0;
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, NX_NULL, NX_NULL, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);
    buffer[5] = 0x30; /* restore */

    /* OID sequence length too long. */
    buffer[6] = 0x71;
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, NX_NULL, NX_NULL, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);
    buffer[6] = 0x60;

    /* Invalid tlv class type for OIDs. */
    buffer[7] = 0xb0;
    buffer[8] = 0x01;
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, NX_NULL, NX_NULL, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);
    buffer[7] = 0x30;

    /* Invalid tlv length for OIDs. */
    buffer[8] = 0x61;
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, NX_NULL, NX_NULL, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);
    buffer[8] = 0x01;

    const UCHAR* sig_ptr;
    UINT sig_oid_len;
    /* Invalid tlv class type for OIDs. */
    buffer[7] = 0x30;
    /* Invalid tlv type for signature hash. */
    buffer[10] = 0x21;
    buffer[11] = 0x01;
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, &sig_ptr, &sig_oid_len, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);

    /* Invalid tlv class type for signature hash. */
    buffer[10] = 0xa4;
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, &sig_ptr, &sig_oid_len, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);

    /* Invalid tlv length for signature hash. */
    buffer[11] = 0x61;
    status = _nx_secure_x509_pkcs7_decode(buffer, 0x70, &sig_ptr, &sig_oid_len, NX_NULL, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_PKCS7_PARSING_FAILED, status);

    /* Invalid tlv tag for the set of the distinguished name information. */

    /* Invalid tlv class type for the set of the name. */
    buffer[0] = 0xb1;
    status = _nx_secure_x509_distinguished_name_parse(buffer, 16, &bytes_processed, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_UNEXPECTED_ASN1_TAG, status);
    buffer[0] = 0x31;

    buffer[1] = 0x08;
    /* Invalid tlv type for the sequence of the name. */
    buffer[2] = 0xb0;
    buffer[3] = 0x00;
    status = _nx_secure_x509_distinguished_name_parse(buffer, 16, &bytes_processed, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_UNEXPECTED_ASN1_TAG, status);
    buffer[2] = 0x30;

    buffer[3] = 0x04; /* tlv length */
    /* Invalid tlv class type for the first OID. */
    buffer[4] = 0xa6;
    buffer[5] = 0x02;
    status = _nx_secure_x509_distinguished_name_parse(buffer, 16, &bytes_processed, NX_NULL);
    EXPECT_EQ(NX_SECURE_X509_UNEXPECTED_ASN1_TAG, status);

    NX_SECURE_X509_CERT cert;
    cert.nx_secure_x509_extensions_data = buffer;
    cert.nx_secure_x509_extensions_data_length = 16;
    /* Invalid tlv type for extension sequence. */
    buffer[0] = 0xb0;
    status = _nx_secure_x509_extension_find(&cert, NX_NULL, 0);
    EXPECT_EQ(status, NX_SECURE_X509_INVALID_EXTENSION_SEQUENCE);

#ifndef NX_SECURE_ENABLE_ECC_CIPHERSUITE
    /* The certificate's crypto operations are null. */
    cert.nx_secure_x509_signature_algorithm = 0xff; /* crypto_identifier */
    NX_SECURE_X509_CRYPTO _x509_cipher_table;
    _x509_cipher_table.nx_secure_x509_crypto_identifier = 0xff;
    cert.nx_secure_x509_cipher_table = &_x509_cipher_table;
    cert.nx_secure_x509_cipher_table_size = 1;
    NX_CRYPTO_METHOD method1;
    _x509_cipher_table.nx_secure_x509_hash_method = &method1;
    _x509_cipher_table.nx_secure_x509_public_cipher_method = &method1;
    method1.nx_crypto_init = NX_NULL;
    method1.nx_crypto_operation = NX_NULL;
    method1.nx_crypto_cleanup = NX_NULL;
    status = _nx_secure_x509_certificate_verify(NX_NULL, &cert, &cert);

    /* The certificate's crypto operations are null. */
    crl.nx_secure_x509_crl_signature_algorithm = 0xff; /* crypto_identifier */
    status = _nx_secure_x509_crl_verify(&cert, &crl, NX_NULL, &cert);
#endif /* NX_SECURE_ENABLE_ECC_CIPHERSUITE */

    printf("SUCCESS!\n");
    test_control_return(0);
};
